All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices.
[
{
"product": "MF65",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "V1.0.0B05",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "MF65M1",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "V1.0.0B02",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]